NAME¶
ipmi-oem - IPMI OEM utility
SYNOPSIS¶
ipmi-oem [
OPTION...] <
OEMID>
<
OEMCOMMAND> [
OEMOPTION...]
DESCRIPTION¶
Ipmi-oem is used to execute OEM specific IPMI commands. It is intended to
provide a better user interface for OEM specific IPMI commands rather than
using
ipmi-raw(8). Please see SUPPORTED OEM IDS and COMMANDS below for
a list of supported OEM specific IPMI commands. A list of supported OEM
specific commands may also be generated using the
--list option. There
are no guarantees that the below OEM commands will work on any particular
motherboard. OEM extensions may or may not exist on particular hardware
revisions and/or firmware revisions of motherboards. The extensions may or may
not function for other lines of motherboards from the same manufacturer.
Listed below are general IPMI options, tool specific options, trouble shooting
information, workaround information, examples, and known issues. For a general
introduction to FreeIPMI please see
freeipmi(7).
GENERAL OPTIONS¶
The following options are general options for configuring IPMI communication and
executing general tool commands.
- -D IPMIDRIVER,
--driver-type=IPMIDRIVER
- Specify the driver type to use instead of doing an auto
selection. The currently available outofband drivers are LAN and LAN_2_0,
which perform IPMI 1.5 and IPMI 2.0 respectively. The currently available
inband drivers are KCS, SSIF, OPENIPMI, and SUNBMC.
- --disable-auto-probe
- Do not probe in-band IPMI devices for default
settings.
- --driver-address=DRIVER-ADDRESS
- Specify the in-band driver address to be used instead of
the probed value. DRIVER-ADDRESS should be prefixed with
"0x" for a hex value and '0' for an octal value.
- --driver-device=DEVICE
- Specify the in-band driver device path to be used instead
of the probed path.
- --register-spacing=REGISTER-SPACING
- Specify the in-band driver register spacing instead of the
probed value. Argument is in bytes (i.e. 32bit register spacing = 4)
- -h IPMIHOST1,IPMIHOST2,...,
--hostname= IPMIHOST1,IPMIHOST2,...
- Specify the remote host(s) to communicate with. Multiple
hostnames may be separated by comma or may be specified in a range format;
see HOSTRANGED SUPPORT below.
- -u USERNAME,
--username=USERNAME
- Specify the username to use when authenticating with the
remote host. If not specified, a null (i.e. anonymous) username is
assumed. The required user privilege will depend on the oem commands
executed.
- -p PASSWORD,
--password=PASSWORD
- Specify the password to use when authenticationg with the
remote host. If not specified, a null password is assumed. Maximum
password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.
- -P, --password-prompt
- Prompt for password to avoid possibility of listing it in
process lists.
- -k K_G, --k-g=K_G
- Specify the K_g BMC key to use when authenticating with the
remote host for IPMI 2.0. If not specified, a null key is assumed. To
input the key in hexadecimal form, prefix the string with '0x'. E.g., the
key 'abc' can be entered with the either the string 'abc' or the string
'0x616263'
- -K, --k-g-prompt
- Prompt for k-g to avoid possibility of listing it in
process lists.
- --session-timeout=MILLISECONDS
- Specify the session timeout in milliseconds. Defaults to
20000 milliseconds (20 seconds) if not specified.
- --retransmission-timeout=MILLISECONDS
- Specify the packet retransmission timeout in milliseconds.
Defaults to 1000 milliseconds (1 second) if not specified. The
retransmission timeout cannot be larger than the session timeout.
- -a AUTHENTICATION-TYPE,
--authentication-type= AUTHENTICATION-TYPE
- Specify the IPMI 1.5 authentication type to use. The
currently available authentication types are NONE, STRAIGHT_PASSWORD_KEY,
MD2, and MD5. Defaults to MD5 if not specified.
- -I CIPHER-SUITE-ID,
--cipher-suite-id=CIPHER-SUITE-ID
- Specify the IPMI 2.0 cipher suite ID to use. The Cipher
Suite ID identifies a set of authentication, integrity, and
confidentiality algorithms to use for IPMI 2.0 communication. The
authentication algorithm identifies the algorithm to use for session
setup, the integrity algorithm identifies the algorithm to use for session
packet signatures, and the confidentiality algorithm identifies the
algorithm to use for payload encryption. Defaults to cipher suite ID 3 if
not specified. The following cipher suite ids are currently supported:
0 - Authentication Algorithm = None; Integrity Algorithm = None;
Confidentiality Algorithm = None
1 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm = None;
Confidentiality Algorithm = None
2 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
HMAC-SHA1-96; Confidentiality Algorithm = None
3 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
HMAC-SHA1-96; Confidentiality Algorithm = AES-CBC-128
6 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm = None;
Confidentiality Algorithm = None
7 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm = HMAC-MD5-128;
Confidentiality Algorithm = None
8 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm = HMAC-MD5-128;
Confidentiality Algorithm = AES-CBC-128
11 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm = MD5-128;
Confidentiality Algorithm = None
12 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm = MD5-128;
Confidentiality Algorithm = AES-CBC-128
17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm =
HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128
- -l PRIVILEGE-LEVEL,
--privilege-level=PRIVILEGE-LEVEL
- Specify the privilege level to be used. The currently
available privilege levels are USER, OPERATOR, and ADMIN. Defaults to
ADMIN if not specified.
- --config-file=FILE
- Specify an alternate configuration file.
- -W WORKAROUNDS,
--workaround-flags=WORKAROUNDS
- Specify workarounds to vendor compliance issues. Multiple
workarounds can be specified separated by commas. A special command line
flag of "none", will indicate no workarounds (may be useful for
overriding configured defaults). See WORKAROUNDS below for a list of
available workarounds.
- --debug
- Turn on debugging.
- -?, --help
- Output a help list and exit.
- --usage
- Output a usage message and exit.
- -V, --version
- Output the program version and exit.
SDR CACHE OPTIONS¶
This tool requires access to the sensor data repository (SDR) cache for general
operation. By default, SDR data will be downloaded and cached on the local
machine. The following options apply to the SDR cache.
- -f, --flush-cache
- Flush a cached version of the sensor data repository (SDR)
cache. The SDR is typically cached for faster subsequent access. However,
it may need to be flushed and re-generated if the SDR has been updated on
a system.
- -Q, --quiet-cache
- Do not output information about cache creation/deletion.
May be useful in scripting.
- --sdr-cache-directory=DIRECTORY
- Specify an alternate directory for sensor data repository
(SDR) caches to be stored or read from. Defaults to the home directory if
not specified.
- --sdr-cache-file=FILE
- Specify a specific sensor data repository (SDR) cache file
to be stored or read from.
- --sdr-cache-recreate
- If the SDR cache is out of date or invalid, automatically
recreate the sensor data repository (SDR) cache. This option may be useful
for scripting purposes.
HOSTRANGED OPTIONS¶
The following options manipulate hostranged output. See HOSTRANGED SUPPORT below
for additional information on hostranges.
- -B, --buffer-output
- Buffer hostranged output. For each node, buffer standard
output until the node has completed its IPMI operation. When specifying
this option, data may appear to output slower to the user since the the
entire IPMI operation must complete before any data can be output. See
HOSTRANGED SUPPORT below for additional information.
- -C, --consolidate-output
- Consolidate hostranged output. The complete standard output
from every node specified will be consolidated so that nodes with
identical output are not output twice. A header will list those nodes with
the consolidated output. When this option is specified, no output can be
seen until the IPMI operations to all nodes has completed. If the user
breaks out of the program early, all currently consolidated output will be
dumped. See HOSTRANGED SUPPORT below for additional information.
- -F NUM, --fanout=NUM
- Specify multiple host fanout. A "sliding window"
(or fanout) algorithm is used for parallel IPMI communication so that
slower nodes or timed out nodes will not impede parallel communication.
The maximum number of threads available at the same time is limited by the
fanout. The default is 64.
- -E, --eliminate
- Eliminate hosts determined as undetected by
ipmidetect. This attempts to remove the common issue of hostranged
execution timing out due to several nodes being removed from service in a
large cluster. The ipmidetectd daemon must be running on the node
executing the command.
- --always-prefix
- Always prefix output, even if only one host is specified or
communicating in-band. This option is primarily useful for scripting
purposes. Option will be ignored if specified with the -C
option.
IPMI-OEM OPTIONS¶
The following options are specific to
Ipmi-oem.
- -L, --list
- List supported OEM IDs and Commands.
- -v, --verbose
- Output verbose information. Additional output will depend
on specific OEM ID and OEM COMMANDS specified.
SUPPORTED OEM IDS and COMMANDS¶
The currently supported OEM IDs and COMMANDs are listed below. The special OEM
ID of
list may be passed into the list all supported OEM IDs and
Commands. The special OEM command
list may be passed to any OEM ID to
list commands supported by that OEM ID.
- Dell
- get-system-info KEY
- This OEM command can retrieve the motherboard system
information. Valid keys are guid, asset-tag,
service-tag, chassis-service-tag,
chassis-related-service-tag, board-revision,
platform-model-name, slot-number, system-revision,
idrac-info, idrac-ipv4-url,
idrac-gui-webserver-control, cmc-ipv4-url,
cmc-ipv6-info, cmc-ipv6-url, mac-addresses. Command
confirmed to work on Dell Poweredge 2900, 2950, R610, R710, M600, M610,
M610X, M910, and R905. However, individual system information options may
not be readable or available on every system.
- get-nic-selection
- This OEM command will determine the current NIC selection
for IPMI as dedicated, shared, shared w/ failover to NIC2, or shared w/
failover to all. Dedicated indicates IPMI is only available on an
expansion card, shared indicates IPMI is available on NIC1, shared w/
failover to NIC2 indicates IPMI is available on NIC1 w/ failover to NIC2
on NIC1's failure, and shared w/ failover to all indicates IPMI is
available on NIC1 w/ failover to all other NICs in the event of NIC
failure. Command confirmed to work on Dell Poweredge 2900, 2950, R610,
R710, and R905.
- set-nic-section
dedicated|shared|shared_failover_nic2|shared_failover_all
- This OEM command will set the current NIC selection to
dedicated, shared, shared_failover_nic2, or shared_failover_all. (See
get-nic-selection above for description on inputs.) On older
Poweredge systems, shared_failover_nic2 may have been documented as
just failover. Command confirmed to work on Dell Poweredge 2900,
2950, R610, R710, and R905.
- get-active-lom-status
- This OEM command will get the current NIC being used for
out of band management. Command confirmed to work on Dell Poweredge R610
and R710 (Dell 11G Poweredge systems).
- get-ssh-config
- This OEM command will get the current SSH configuration on
the IPMI card. Command confirmed to work on Dell Poweredge R610 and R710
(Dell 11G Poweredge systems).
- set-ssh-config KEY=VALUE ...
- This OEM command will set the current SSH configuration on
the IPMI card. The possible keys and values are ssh=enable|disable,
idletimeout=seconds, and portnumber=num. Multiple key=value
pairs may be specified. If no key=value pairs are specifed, available
pairs are output. Some fields may be read-only on specific Poweredge
systems. Command confirmed to work on Dell Poweredge R610 and R710 (Dell
11G Poweredge systems).
- get-telnet-config
- This OEM command will get the current telnet configuration
on the IPMI card. Command confirmed to work on Dell Poweredge R610 and
R710 (Dell 11G Poweredge systems).
- set-telnet-config KEY=VALUE ...
- This OEM command will set the current Telnet configuration
on the IPMI card. The possible keys and values are
telnet=enable|disable, sessiontimeout=seconds,
portnumber=num, and 7fls=enable|disable. Multiple key=value
pairs may be specified. If no key=value pairs are specifed, available
pairs are output. Some fields may be read-only on specific Poweredge
systems. Command confirmed to work on Dell Poweredge R610 and R710 (Dell
11G Poweredge systems).
- get-web-server-config
- This OEM command will get the current web server
configuration on the IPMI card. Command confirmed to work on Dell
Poweredge R610 and R710 (Dell 11G Poweredge systems).
- set-web-server-config KEY=VALUE ...
- This OEM command will set the current Web Server
configuration on the IPMI card. The possible keys and values are
webserver=enable|disable, sessiontimeout=seconds,
httpportnumber=num, and httpsportnumber=num. Multiple
key=value pairs may be specified. If no key=value pairs are specifed,
available pairs are output. Some fields may be read-only on specific
Poweredge systems. Command confirmed to work on Dell Poweredge R610 and
R710 (Dell 11G Poweredge systems).
- get-active-directory-config
- This OEM command will get the current active directory
configuration on the IPMI card. Command confirmed to work on Dell
Poweredge R610 and R710 (Dell 11G Poweredge systems).
- set-active-directory-config
- This OEM command will set the current Web Server
configuration on the IPMI card. The possible keys and values are
activedirectory=enable|disable, timeout=seconds,
type=extended|standard, sso=enable|disable, and
certificatevalidation=enable|disable. If no key=value pairs are
specifed, available pairs are output. Some fields may be read-only on
specific Poweredge systems. Command confirmed to work on Dell Poweredge
R610 and R710 (Dell 11G Poweredge systems).
- reset-to-defaults
- This OEM command will reset the BMC configuration back to
default values. The command will spin until the reset is confirmed to be
complete. Command confirmed to work on Dell Poweredge R610 and R710 (Dell
11G Poweredge systems).
- get-power-consumption-data
- This OEM command can retrieve power consumption data.
Command confirmed to work on Dell Poweredge R610, R710, R905, M610, M610x,
and M910.
- reset-power-consumption-data
cumulative|peak
- This OEM command can reset the cumulative or peak power
consumption data (viewed via get-power-consumption-data). Command
confirmed to work on Dell Poweredge R610, R710, R905, M610, M610x, and
M910.
- power-supply-info
- This OEM command can read and output power supply ratings
and other information. This OEM command requires access to the SDR.
Command confirmed to work on Dell Poweredge R610, R710, and M610.
- get-instantaneous-power-consumption-data
power_supply_instance
- This OEM command can read instantaneous power consumption
data. If a power supply instance number is specified, only data for that
instance will be gathered. Otherwise, collective power consumption will be
gathered. Command confirmed to work on Dell Poweredge R610, R710, M610,
M610x, and M910.
- get-power-head-room
- This OEM command can read power head room. Command
confirmed to work on Dell Poweredge R610 and R710 (Dell 11G Poweredge
systems).
- get-power-consumption-statistics
average|max|min
- This OEM command can read average, max, or min power
consumption history. Command confirmed to work on Dell Poweredge R610,
R710, M610, M610x, and M910.
- get-power-capacity
- This OEM command can read the current power capacity.
Command confirmed to work on Dell Poweredge R610, R710, M610, M610x, and
M910.
- set-power-capacity power-capacity
- This OEM command can write the current power capacity
(specified in Watts). Command confirmed to work on Dell Poweredge R610 and
R710 (Dell 11G Poweredge systems).
- get-power-capacity-status
- This OEM command can determine if the current power
capacity is enabled or disabled. Command confirmed to work on Dell
Poweredge R610, R710, M610, M610x, and M910.
- set-power-capacity-status enable|disable
- This OEM command can configure the current power capacity
to be enabled or disabled. Command confirmed to work on Dell Poweredge
R610 and R710 (Dell 11G Poweredge systems).
- get-chassis-identify-status
- This OEM command will retrieve the current chassis identify
(i.e. LED) status. Command confirmed to work on Dell Poweredge 2900, 2950,
R610, R710, R905, M600, M610, M610x, and M910.
- slot-power-toggle slot-number
- This OEM command will perform a power toggle on a PCIe
slot. The PCIe slot number can range from 1 to 16. Command confirmed to
work on Dell Poweredge C410x.
- slot-power-control platform-model
on|off|status slot-number
- This OEM command will perform a power control action on a
PCIe slot. This OEM extension is tied very closely to a platform, so a
supported platform must be specified. The currently supported
platform-model options are C410x. The on action
powers on a slot, off powers off a slot, and status returns
if the current power is on or off. If the current power status is on, an
on action does nothing. Similarly, if the current power status is
off, an off action does nothing. The on, off, and
status slot power actions are not native and are emulated through a
combination of a power toggle (using slot-power-toggle above) and
the reading of PCIe slot watt sensors. The PCIe slot number can range from
1 to 16. Command confirmed to work on Dell Poweredge C410x.
- get-port-map
- This OEM command will retrieve the current iPASS mapping to
PCIe controllers/slots. Command confirmed to work on Dell Poweredge
C410x.
- set-port-map jumper|bmc ipass-mapping
1:2|1:4|1:8
- This OEM command will set an iPass mapping to PCIe
controllers/slots. jumper or bmc must be specified to
indicate if iPass mappings will be controlled via jumpers on the system or
via a BMC/IPMI. In order for reconfiguration to be done via
ipmi-oem, the user must select bmc. The ipass-mapping
determines which iPass ports will be mapped. 1:2, 1:4, and
1:8 determine the mapping that should be set. See details below for
specific platforms. Command confirmed to work on Dell Poweredge C410x. For
the Dell Poweredge C410x, the ipass-mapping ranges from 1 to 4.
1 refers to iPass 1 and 5, 2 to 2 and 6, 3 to 3 and
7, and 4 to 4 and 8. For the platform C410x, PCIe slots 1,
2, 3, 4, 13, 14, 15, and 16 are attached to iPass 1, 2, 3, and 4. PCIe
slots 5, 6, 7, 8, 9, 10, 11, and 12 are attached to iPass 5, 6, 7, and 8.
For example, if 1:2 is set on mapping-number 1, PCIe
slots 1 and 15 will be assigned to iPass 1 and slots 2 and 16 will be
assigned to iPass 5. if 1:4 is chosen, PCIe slots 1, 2, 15, and 16
will be assigned to iPass 1 and iPass 5 will not be used.
- Fujitsu
- get-power-on-source
- This OEM command will return the reason for the most recent
Power On. Command confirmed to work on Fujitsu RX100 S5.
- get-power-off-source
- This OEM command will return the reason for the most recent
Power Off. Command confirmed to work on Fujitsu RX100 S5.
- get-remote-storage-status
connection_number
- This OEM command will return the connection and/or status
of remote storage. connection_number currently supports a range of
0-1. Command confirmed to work on Fujitsu RX100 S5.
- get-system-status
- This OEM command will return the current system status.
Command confirmed to work on Fujitsu RX100 S5.
- get-eeprom-version-info eeprom_number
- This OEM command will return the current version info for
various hardware elements, including firmware, SDR, and boot revision.
eeprom_number currently supports a range of 0-1. Command confirmed
to work on Fujitsu RX100 S5.
- get-identify-led
- This OEM command will get the current identify LED status.
Command confirmed to work on Fujitsu RX100 S5.
- set-identify-led on|off
- This OEM command will set the current identify LED status.
Command confirmed to work on Fujitsu RX100 S5.
- get-error-led
- This OEM command will get the current error LED status.
Command confirmed to work on Fujitsu RX100 S5.
- get-sel-entry-long-text sel_record_id
- This OEM command will retrieve the Fujitsu specific string
interpretation of a SEL record. This command may be useful for
interpreting Fujitsu OEM hex codes found in the SEL. A specific SEL record
ID must be specified. Please see ipmi-sel(8), for retrieving SEL
records. Command confirmed to work on Fujitsu RX100 S5.
- IBM
- get-led
- This OEM command will get the current LED status. This OEM
command requires access to the SDR. Command confirmed to work on IBM
x3755.
- Intel
- get-smtp-config [channel-number]
- This OEM command will get the current SMTP configuration on
the IPMI card. By default, configuration for every LAN channel will be
output. If a channel-number is specified, only that specific
channel number's configuration will be output. Command confirmed to work
on Intel S5500WB (Penguin Computing Relion 700) and Intel S2600JF (Appro
512X).
- set-smtp-config [channel-number] KEY=VALUE
...
- This OEM command will set the current SMTP configuration on
the IPMI card. By default, configuration will be done for all LAN
channels. If a channel-number is specified, only that specific
channel number's configuration will be configured. The possible keys and
values are smtp=enable|disable, smtpserveraddress=ipaddress,
smtpusername=string, userpassword=string,
emailaddress=string, subject=string,
messagecontent=string, senderemailaddress=string, and
smtphostname=string. Multiple key=value pairs may be specified. If
no key=value pairs are specifed, available pairs are output. Command
confirmed to work on Intel S5500WB (Penguin Computing Relion 700) and
Intel S2600JF (Appro 512X).
- get-power-restore-delay
- This OEM command will retrieve the power on delay. The
power on delay is a delay that occurs whenever the BMC turns on the system
according to the Power Restore Policy setting. It does not take effect
otherwise (i.e. power button or Chassis Control). Command confirmed to
work on Intel S2600JF (Appro 512X).
- set-power-restore-delay seconds
- This OEM command will set the power on delay. (See
get-power-restore-delay above for description on power restore
delay). Command confirmed to work on Intel S2600JF (Appro 512X).
- restore-configuration
- This OEM command will restore BMC configuration values back
to default values. The command will spin until the restore is confirmed to
be complete. Command configured to work on Intel S5500WB (Penguin
Computing Relion 700) and Intel S2600JF (Appro 512X). After running this
command, the BMC must be reset to return it to functioning status. This
may be accomplished by executing a cold-reset with
bmc-device(8).
- IntelNM (Intel Node Manager)
The following OEM commands operate on Intel chipsets with Node Manager support.
They all require access to the SDR. They may work on multiple vendors
motherboards.
- get-node-manager-statistics [domainid=num]
[policyid=num]
- This OEM command will output the Intel Node Manager
statistics. The user may optionally specify a domainid or
policyid. The default domainid is 0. If a policyid is
specified, per policy statistics will be output, otherwise global
statistics will be output. Command confirmed to work on Intel S5500WB
(Penguin Computing Relion 700), Inventec 5441/5442 (Dell Xanadu II/III),
Quanta S99Q (Dell FS12-TY), Quanta QSSC-S4R (Appro GB812X-CN).
- reset-node-manager-statistics [domainid=num]
[policyid=num]
- This OEM command will reset the Intel Node Manager
statistics. The user may optionally specify a domainid or
policyid. The default domainid is 0. If a policyid is
specified, per policy statistics will be reset, otherwise global
statistics will be reset. Command confirmed to work on Intel S5500WB
(Penguin Computing Relion 700), Inventec 5441/5442 (Dell Xanadu II/III),
Quanta S99Q (Dell FS12-TY), Quanta QSSC-S4R (Appro GB812X-CN).
- get-node-manager-version
- This OEM command will output the current Intel Node Manager
version information. Command confirmed to work on Intel S5500WB (Penguin
Computing Relion 700), Inventec 5441/5442 (Dell Xanadu II/III), Quanta
S99Q (Dell FS12-TY), Quanta QSSC-S4R (Appro GB812X-CN).
- Inventec
- get-nic-mode
- This OEM command will determine the current NIC mode as
dedicated or shared. Dedicated indicates IPMI is only available on the
dedicated management port. Shared indicates IPMI is also available on one
of the primary ethernet ports. Command confirmed to work on Inventec
5441/5442 (Dell Xanadu II/III).
- set-nic-mode dedicated|shared
- This OEM command will set the current NIC mode to dedicated
or shared. (See get-nic-mode above for description on dedicated vs.
shared mode.) This OEM command may internally reset the BMC, making the
BMC unusable for awhile. Command confirmed to work on Inventec 5441/5442
(Dell Xanadu II/III).
- get-mac-address
- This command will retrieve the BMC MAC address. This is
actually not an OEM command, but rather the normal IPMI MAC address
command (identical to what is used in the bmc-config(8) tool). This
command is placed here for convenience.
- set-mac-address dedicated|shared
MACADDR
- This OEM command will set the dedicated or shared BMC MAC
address. (See get-nic-mode above for description on dedicated vs.
shared mode.) The BMC MAC address cannot be set through the normal IPMI
MAC address command (what is used in the bmc-config(8) tool). The
MACADDR should be specified in XX:XX:XX:XX:XX:XX form. A shared BMC MAC
address may conflict with normal communication ethernet communication on
the primary ethernet port. Users may wish to configuration an alternate
MAC address instead. After configuration of the MAC address, the BMC must
be reset. This may be accomplished by executing a cold-reset with
bmc-device(8). Command confirmed to work on Inventec 5441/5442
(Dell Xanadu II/III).
- get-bmc-services
- This OEM command will display the currently enabled BMC
services. Command confirmed to work on Inventec 5441/5442 (Dell Xanadu
II/III).
- set-bmc-services enable|disable
all|kvm|http|ssh
- This OEM command will enable or disable other BMC services
besides IPMI. all can be specified to enable/disable all services,
kvm specifies KVM and Virtual Storage, http specifies HTTP
and HTTPS, and ssh specifies both SSH and Telnet. Command confirmed
to work on Inventec 5441/5442 (Dell Xanadu II/III).
- get-authentication-config
- This OEM command will display additional OEM authentication
settings. (See set-authentication-config below for description on
outputs.) Command confirmed to work on Inventec 5441/5442 (Dell Xanadu
II/III).
- set-authentication-config KEY=VALUE ...
- This OEM command will set additional OEM authentication
settings on the IPMI card. The possible keys and values are
maxauthenticationfailures=count, lockoutwindow=seconds,
lockouttime=seconds, and httpsportnumber=num.
maxauthenticationfailures specifies the maximum number of allowed
authentication failures. lockoutwindow specifies the window of time
the authentication failure count can be reached in to disable a user.
lockouttime specifies the time period a user is disabled if the
authentication failure count is reached. Setting 0 to any of the settings
will disable the lockout feature. Each time any of these settings is
modified, the authentication failure count of each enabled user is reset
to 0. Multiple key=value pairs may be specified. If no key=value pairs are
specifed, available pairs are output. Command confirmed to work on
Inventec 5441/5442 (Dell Xanadu II/III).
- get-account-status
- This OEM command will output the current account status of
users on the BMC. This command is particularly usefor for determinining
which users in the system may have been locked out via authentication
failures configured via set-authentication-config. Command
confirmed to work on Inventec 5441/5442 (Dell Xanadu II/III).
- get-dns-config
- This OEM command will display additional OEM DNS settings.
(See set-dns-config below for description on outputs.) Command
confirmed to work on Inventec 5441/5442 (Dell Xanadu II/III).
- set-dns-config KEY=VALUE ...
- This OEM command will set additional OEM DNS settings on
the IPMI card. The possible keys and values are
dnsdhcp=enable|disable, dnsserver1=ipaddress,
dnsserver2=ipaddress, dnsregisterbmc=enable|disable,
dnsbmchostname=string, dnsdomainnamedhcp=enable|disable, and
dnsdomainname=string. dnsdhcp specifies if the DNS server IP
addresses should be assigned from the DHCP server. dnsserver1 and
dnsserver2 specify the IP addess for server 1 and 2 respectively.
These fields are read only if dnsdhcp and DHCP are enabled.
dnsregisterbmc specifies if the BMC host name is registered via the
DNS server. dnsbmchostname specifies the BMC host name. This field
is read only if dnsregisterbmc is enabled. dnsdomainnamedhcp
specifies if the DNS domainname should be assigned from the DHCP server.
dnsdomainname specifies the DNS domain name string. This field is
read only if dnsdomainnamedhcp is enabled. Multiple key=value pairs
may be specified. If no key=value pairs are specifed, available pairs are
output. Command confirmed to work on Inventec 5441/5442 (Dell Xanadu
II/III).
- get-web-server-config
- This OEM command will get the current web server
configuration on the IPMI card. Command confirmed to work on Inventec
5441/5442 (Dell Xanadu II/III).
- set-web-server-config KEY=VALUE ...
- This OEM command will set the current web server
configuration on the IPMI card. The possible keys and values are
webserver=enable|disable, webservertimeout=seconds,
httpportnumber=num, and httpsportnumber=num. Multiple
key=value pairs may be specified. If no key=value pairs are specifed,
available pairs are output. Command confirmed to work on Inventec
5441/5442 (Dell Xanadu II/III).
- get-power-management-config
- This OEM command will get the current power management
configuration on the IPMI card. Command confirmed to work on Inventec
5441/5442 (Dell Xanadu II/III).
- set-power-management-config KEY=VALUE
...
- This OEM command will set the current power management
configuration on the IPMI card. The possible keys and values are
dpnmpowermanagement=enable|disable,
powerstaggeringacrecovery=immediate|auto|user,
powerondelay=seconds, and maxpowerondelay=seconds.
dpnmpowermanagement enables or diables DPNM, Dynamic Power Node
Management. For powerstaggeringacrecovery, immediate
specifies no delay, auto generates a delay time between the minimum
and maximum configured, and user uses the user defined time defined
by powerondelay. powerondelay must be within the minimum and
maximum power on delay times. Multiple key=value pairs may be specified.
If no key=value pairs are specifed, available pairs are output. Command
confirmed to work on Inventec 5441/5442 (Dell Xanadu II/III).
- get-sol-idle-timeout
- This OEM command will get the SOL idle timeout. Command
confirmed to work on Inventec 5441/5442 (Dell Xanadu II/III).
- set-sol-idle-timeout idle-timeout
- This OEM command will set the SOL idle timeout. The
idle-timeout is one-based, max of 65535, in 1 minute increments
(e.g. 1 = 1 minute), 0 or "none" will configure no timeout.
Command confirmed to work on Inventec 5441/5442 (Dell Xanadu II/III).
- get-telnet-ssh-redirect-status
- This OEM command will get the telnet/SSH redirect status.
Command confirmed to work on Inventec 5442 (Dell Xanadu III).
- set-telnet-ssh-redirect-status
enable|disable
- This OEM command will enable or disable telnet/SSH redirect
status. Command confirmed to work on Inventec 5442 (Dell Xanadu III).
- get-board-id
- This OEM command can get the board ID. Command confirmed to
work on Inventec 5441/5442 (Dell Xanadu II/III).
- set-board-id ID
- This OEM command can set the board ID. Command confirmed to
work on Inventec 5441/5442 (Dell Xanadu II/III).
- get-fcb-version
- This OEM command can get the fan control board (FCB)
version number. Command confirmed to work on Inventec 5441/5442 (Dell
Xanadu II/III).
- set-fcb-version majorversion
minorversion
- This OEM command can set the fan control board (FCB)
version number. The majorversion and minorversion must be
specified in hex. Command confirmed to work on Inventec 5441/5442 (Dell
Xanadu II/III).
- get-sol-inactivity-timeout
- This OEM command will retrieve the SOL inactivity timeout.
Command confirmed to work on Inventec 5441/5442 (Dell Xanadu II/III).
- set-sol-inactivity-timeout
inactivity-timeout
- This OEM command will set the SOL inactivity timeout. The
inactivity-timeout is one-based, max of 65535, in 1 minute
increments (e.g. 1 = 1 minute), 0 or "none" will configure no
timeout. Command confirmed to work on Inventec 5441/5442 (Dell Xanadu
II/III).
- restore-to-defaults
all|user|lan|sol|serial|pef
- This OEM command will restore certain BMC configuration
sections back to default values. The command will spin until the reset is
confirmed to be complete. Command confirmed to work on Inventec 5442 (Dell
Xanadu III). After running this command, the BMC must be reset to return
it to functioning status. This may be accomplished by executing a
cold-reset with bmc-device(8).
- read-eeprom at24c256n
- This OEM command will read the specified eeprom. Command
confirmed to work on Inventec 5441 (Dell Xanadu II) for
at24c256.
- clear-eeprom at24c256n
- This OEM command will clear the specified eeprom,
overwriting all bytes with 0xFF. If the verbose option is set, progress
percent will be output as the clearing is being done. Command confirmed to
work on Inventec 5441 (Dell Xanadu II) for at24c256.
- Quanta
- get-nic-mode
- This OEM command will determine the current NIC mode as
dedicated or shared. Dedicated indicates IPMI is only available on the
dedicated management port. Shared indicates IPMI is also available on one
of the primary ethernet ports. Command confirmed to work on Quanta S99Q
(Dell FS12-TY).
- set-nic-mode dedicated|shared
- This OEM command will set the current NIC mode to dedicated
or shared. (See get-nic-mode above for description on dedicated vs.
shared mode.) This OEM command may internally reset the BMC, making the
BMC unusable for awhile. Command confirmed to work on Quanta S99Q (Dell
FS12-TY).
- get-bmc-services
- This OEM command will display the currently enabled BMC
services. Command confirmed to work on Quanta S99Q (Dell FS12-TY).
- set-bmc-services enable|disable
all|kvm|http|ssh
- This OEM command will enable or disable other BMC services
besides IPMI. all can be specified to enable/disable all services,
kvm specifies KVM and Virtual Storage, http specifies HTTP
and HTTPS, and ssh specifies both SSH and Telnet. Command confirmed
to work on Quanta S99Q (Dell FS12-TY).
- get-account-status
- This OEM command will output the current account status of
users on the BMC. This command is particularly usefor for determinining
which users in the system may have been locked out via authentication
failures configured via set-authentication-config. Command
confirmed to work on Quanta S99Q (Dell FS12-TY).
- get-dns-config
- This OEM command will display additional OEM DNS settings.
(See set-dns-config below for description on outputs.) Command
confirmed to work on Quanta S99Q (Dell FS12-TY).
- set-dns-config KEY=VALUE ...
- This OEM command will set additional OEM DNS settings on
the IPMI card. The possible keys and values are
dnsdhcp=enable|disable, dnsserver1=ipaddress,
dnsserver2=ipaddress, dnsregisterbmc=enable|disable,
dnsbmchostname=string, dnsdomainnamedhcp=enable|disable, and
dnsdomainname=string. dnsdhcp specifies if the DNS server IP
addresses should be assigned from the DHCP server. dnsserver1 and
dnsserver2 specify the IP addess for server 1 and 2 respectively.
These fields are read only if dnsdhcp and DHCP are enabled.
dnsregisterbmc specifies if the BMC host name is registered via the
DNS server. dnsbmchostname specifies the BMC host name. This field
is read only if dnsregisterbmc is enabled. dnsdomainnamedhcp
specifies if the DNS domainname should be assigned from the DHCP server.
dnsdomainname specifies the DNS domain name string. This field is
read only if dnsdomainnamedhcp is enabled. Multiple key=value pairs
may be specified. If no key=value pairs are specifed, available pairs are
output. Command confirmed to work on Quanta S99Q (Dell FS12-TY).
- get-web-server-config
- This OEM command will get the current web server
configuration on the IPMI card. Command confirmed to work on Quanta S99Q
(Dell FS12-TY).
- set-web-server-config KEY=VALUE ...
- This OEM command will set the current web server
configuration on the IPMI card. The possible keys and values are
webserver=enable|disable, webservertimeout=seconds,
httpportnumber=num, and httpsportnumber=num. Multiple
key=value pairs may be specified. If no key=value pairs are specifed,
available pairs are output. Command confirmed to work on Quanta S99Q (Dell
FS12-TY).
- get-power-management-config
- This OEM command will get the current power management
configuration on the IPMI card. Command confirmed to work on Quanta S99Q
(Dell FS12-TY).
- set-power-management-config KEY=VALUE
...
- This OEM command will set the current power management
configuration on the IPMI card. The possible keys and values are
dpnmpowermanagement=enable|disable,
powerstaggeringacrecovery=immediate|auto|user,
powerondelay=seconds, and maxpowerondelay=seconds.
dpnmpowermanagement enables or diables DPNM, Dynamic Power Node
Management. For powerstaggeringacrecovery, immediate
specifies no delay, auto generates a delay time between the minimum
and maximum configured, and user uses the user defined time defined
by powerondelay. powerondelay must be within the minimum and
maximum power on delay times. Multiple key=value pairs may be specified.
If no key=value pairs are specifed, available pairs are output. Command
confirmed to work on Quanta S99Q (Dell FS12-TY).
- get-sol-idle-timeout
- This OEM command will get the SOL idle timeout. Command
confirmed to work on Quanta S99Q (Dell FS12-TY).
- set-sol-idle-timeout idle-timeout
- This OEM command will set the SOL idle timeout. The
idle-timeout is one-based, max of 65535, in 1 minute increments
(e.g. 1 = 1 minute), 0 or "none" will configure no timeout.
Command confirmed to work on Quanta S99Q (Dell FS12-TY).
- get-telnet-ssh-redirect-status
- This OEM command will get the telnet/SSH redirect status.
Command confirmed to work on Quanta S99Q (Dell FS12-TY).
- set-telnet-ssh-redirect-status
enable|disable
- This OEM command will enable or disable telnet/SSH redirect
status. Command confirmed to work on Quanta S99Q (Dell FS12-TY).
- reset-to-defaults
all|user|lan|sol|serial|pef
- This OEM command will reset certain BMC configuration
sections back to default values. The command will spin until the reset is
confirmed to be complete. Command confirmed to work on Quanta S99Q (Dell
FS12-TY). After running this command, the BMC must be reset to return it
to functioning status. This may be accomplished by executing a cold-reset
with bmc-device(8).
- get-processor-information
[processor-index]
- This OEM command will determine system processor
information. By default, information about each processor will be output.
If a processor-index is specified, only that specific processor
will be output. Command confirmed to work on Quanta S99Q (Dell
FS12-TY).
- read-mac-address s99q
dedicated|shared
- This command will read the currently configured dedicated
or shared MAC address for a specified motherboard. It will read the MAC
address directly from the BMC eeprom. Command confirmed to work on Quanta
S99Q (Dell FS12-TY) for s99q.
- write-mac-address s99q dedicated|shared
MACADDR
- This OEM command will set the dedicated or shared BMC MAC
address for a specified motherboard. It will be written directly to the
BMC eeprom. (See get-nic-mode above for description on dedicated
vs. shared mode.) The BMC MAC address cannot be set through the normal
IPMI MAC address command (what is used in the bmc-config(8) tool).
The MACADDR should be specified in XX:XX:XX:XX:XX:XX form. A shared BMC
MAC address may conflict with normal communication ethernet communication
on the primary ethernet port. Users may wish to configuration an alternate
MAC address instead. After configuration of the MAC address, the BMC must
be reset. This may be accomplished by executing a cold-reset with
bmc-device(8). Command confirmed to work on Quanta S99Q (Dell
FS12-TY) for s99q.
- Sun
- get-led
- This OEM command will output current LED mode. off
indicates the LED is steady off, on indicates the LED is steady on,
standby indicates the LED blinks at a 100ms on, 2900ms off rate,
slow indicates the LED is blinking at 1Hz, and fast
indicates the LED is blinking at 4Hz. If the verbose option is set, sensor
names will be output with their entity ID and instance when appropriate.
(Similar to the --entity-sensor-names option in
ipmi-sensors.) This OEM command requires access to the SDR. Command
confirmed to work on Sun Fire 4140 with ILOM.
- set-led record_id
off|on|standby|slow|fast
- This OEM command will configure LED modes. (See
get-led above for description on LED modes.) This OEM command
requires access to the SDR. Command confirmed to work on Sun Fire 4140
with ILOM.
- Supermicro
- extra-firmware-info
- This OEM command will output additional firmware version
information. Command confirmed to work on Supermicro H8QME.
- reset-intrusion
- This OEM command will reset the motherboard intrusion flag
after it has been triggered. For example, in ipmi-sensors or
ipmi-sel, you may notice a 'General Chassis Intrusion' if the
motherboard chassis is not open, but was opened in the past. Command
confirmed to work on Supermicro H8QME.
- get-bmc-services-status
- This OEM command will determine if non-IPMI services (e.g.
ssh, http, https, vnc, etc.) are currently enabled or disabled on the BMC.
Command confirmed to work on Supermicro X8DTG.
- set-bmc-services-status enable|disable
- This OEM command will enable or disable all non-IPMI
services on the BMC. This command can be used to enable or disable
non-IPMI services such as ssh, http, https, and vnc. Command confirmed to
work on Supermicro X8DTG.
HOSTRANGED SUPPORT¶
Multiple hosts can be input either as an explicit comma separated lists of hosts
or a range of hostnames in the general form: prefix[n-m,l-k,...], where n <
m and l < k, etc. The later form should not be confused with regular
expression character classes (also denoted by []). For example, foo[19] does
not represent foo1 or foo9, but rather represents a degenerate range: foo19.
This range syntax is meant only as a convenience on clusters with a prefixNN
naming convention and specification of ranges should not be considered
necessary -- the list foo1,foo9 could be specified as such, or by the range
foo[1,9].
Some examples of range usage follow:
foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
foo[7,9-10] instead of foo7,foo9,foo10
foo[0-3] instead of foo0,foo1,foo2,foo3
As a reminder to the reader, some shells will interpret brackets ([ and ]) for
pattern matching. Depending on your shell, it may be necessary to enclose
ranged lists within quotes.
When multiple hosts are specified by the user, a thread will be executed for
each host in parallel up to the configured fanout (which can be adjusted via
the
-F option). This will allow communication to large numbers of nodes
far more quickly than if done in serial.
By default, standard output from each node specified will be output with the
hostname prepended to each line. Although this output is readable in many
situations, it may be difficult to read in other situations. For example,
output from multiple nodes may be mixed together. The
-B and
-C
options can be used to change this default.
In-band IPMI Communication will be used when the host "localhost" is
specified. This allows the user to add the localhost into the hostranged
output.
GENERAL TROUBLESHOOTING¶
Most often, IPMI problems are due to configuration problems.
IPMI over LAN problems involve a misconfiguration of the remote machine's BMC.
Double check to make sure the following are configured properly in the remote
machine's BMC: IP address, MAC address, subnet mask, username, user
enablement, user privilege, password, LAN privilege, LAN enablement, and
allowed authentication type(s). For IPMI 2.0 connections, double check to make
sure the cipher suite privilege(s) and K_g key are configured properly. The
bmc-config(8) tool can be used to check and/or change these
configuration settings.
Inband IPMI problems are typically caused by improperly configured drivers or
non-standard BMCs.
In addition to the troubleshooting tips below, please see WORKAROUNDS below to
also if there are any vendor specific bugs that have been discovered and
worked around.
Listed below are many of the common issues for error messages. For additional
support, please e-mail the <freeipmi-users@gnu.org> mailing list.
"username invalid" - The username entered (or a NULL username if none
was entered) is not available on the remote machine. It may also be possible
the remote BMC's username configuration is incorrect.
"password invalid" - The password entered (or a NULL password if none
was entered) is not correct. It may also be possible the password for the user
is not correctly configured on the remote BMC.
"password verification timeout" - Password verification has timed out.
A "password invalid" error (described above) or a generic
"session timeout" (described below) occurred. During this point in
the protocol it cannot be differentiated which occurred.
"k_g invalid" - The K_g key entered (or a NULL K_g key if none was
entered) is not correct. It may also be possible the K_g key is not correctly
configured on the remote BMC.
"privilege level insufficient" - An IPMI command requires a higher
user privilege than the one authenticated with. Please try to authenticate
with a higher privilege. This may require authenticating to a different user
which has a higher maximum privilege.
"privilege level cannot be obtained for this user" - The privilege
level you are attempting to authenticate with is higher than the maximum
allowed for this user. Please try again with a lower privilege. It may also be
possible the maximum privilege level allowed for a user is not configured
properly on the remote BMC.
"authentication type unavailable for attempted privilege level" - The
authentication type you wish to authenticate with is not available for this
privilege level. Please try again with an alternate authentication type or
alternate privilege level. It may also be possible the available
authentication types you can authenticate with are not correctly configured on
the remote BMC.
"cipher suite id unavailable" - The cipher suite id you wish to
authenticate with is not available on the remote BMC. Please try again with an
alternate cipher suite id. It may also be possible the available cipher suite
ids are not correctly configured on the remote BMC.
"ipmi 2.0 unavailable" - IPMI 2.0 was not discovered on the remote
machine. Please try to use IPMI 1.5 instead.
"connection timeout" - Initial IPMI communication failed. A number of
potential errors are possible, including an invalid hostname specified, an
IPMI IP address cannot be resolved, IPMI is not enabled on the remote server,
the network connection is bad, etc. Please verify configuration and
connectivity.
"session timeout" - The IPMI session has timed out. Please reconnect.
If this error occurs often, you may wish to increase the retransmission
timeout. Some remote BMCs are considerably slower than others.
"device not found" - The specified device could not be found. Please
check configuration or inputs and try again.
"driver timeout" - Communication with the driver or device has timed
out. Please try again.
"message timeout" - Communication with the driver or device has timed
out. Please try again.
"BMC busy" - The BMC is currently busy. It may be processing
information or have too many simultaneous sessions to manage. Please wait and
try again.
"could not find inband device" - An inband device could not be found.
Please check configuration or specify specific device or driver on the command
line.
"driver timeout" - The inband driver has timed out communicating to
the local BMC or service processor. The BMC or service processor may be busy
or (worst case) possibly non-functioning.
WORKAROUNDS¶
With so many different vendors implementing their own IPMI solutions, different
vendors may implement their IPMI protocols incorrectly. The following
describes a number of workarounds currently available to handle discovered
compliance issues. When possible, workarounds have been implemented so they
will be transparent to the user. However, some will require the user to
specify a workaround be used via the -W option.
The hardware listed below may only indicate the hardware that a problem was
discovered on. Newer versions of hardware may fix the problems indicated
below. Similar machines from vendors may or may not exhibit the same problems.
Different vendors may license their firmware from the same IPMI firmware
developer, so it may be worthwhile to try workarounds listed below even if
your motherboard is not listed.
If you believe your hardware has an additional compliance issue that needs a
workaround to be implemented, please contact the FreeIPMI maintainers on
<freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
assumeio - This workaround flag will assume inband interfaces communicate
with system I/O rather than being memory-mapped. This will work around systems
that report invalid base addresses. Those hitting this issue may see
"device not supported" or "could not find inband device"
errors. Issue observed on HP ProLiant DL145 G1.
spinpoll - This workaround flag will inform some inband drivers (most
notably the KCS driver) to spin while polling rather than putting the process
to sleep. This may significantly improve the wall clock running time of tools
because an operating system scheduler's granularity may be much larger than
the time it takes to perform a single IPMI message transaction. However, by
spinning, your system may be performing less useful work by not contexting out
the tool for a more useful task.
authcap - This workaround flag will skip early checks for username
capabilities, authentication capabilities, and K_g support and allow IPMI
authentication to succeed. It works around multiple issues in which the remote
system does not properly report username capabilities, authentication
capabilities, or K_g status. Those hitting this issue may see "username
invalid", "authentication type unavailable for attempted privilege
level", or "k_g invalid" errors. Issue observed on Asus
P5M2/P5MT-R/RS162-E4/RX4, Intel SR1520ML/X38ML, and Sun Fire 2200/4150/4450
with ELOM.
idzero - This workaround flag will allow empty session IDs to be accepted
by the client. It works around IPMI sessions that report empty session IDs to
the client. Those hitting this issue may see "session timeout"
errors. Issue observed on Tyan S2882 with M3289 BMC.
unexpectedauth - This workaround flag will allow unexpected non-null
authcodes to be checked as though they were expected. It works around an issue
when packets contain non-null authentication data when they should be null due
to disabled per-message authentication. Those hitting this issue may see
"session timeout" errors. Issue observed on Dell PowerEdge
2850,SC1425. Confirmed fixed on newer firmware.
forcepermsg - This workaround flag will force per-message authentication
to be used no matter what is advertised by the remote system. It works around
an issue when per-message authentication is advertised as disabled on the
remote system, but it is actually required for the protocol. Those hitting
this issue may see "session timeout" errors. Issue observed on IBM
eServer 325.
endianseq - This workaround flag will flip the endian of the session
sequence numbers to allow the session to continue properly. It works around
IPMI 1.5 session sequence numbers that are the wrong endian. Those hitting
this issue may see "session timeout" errors. Issue observed on some
Sun ILOM 1.0/2.0 (depends on service processor endian).
intel20 - This workaround flag will work around several Intel IPMI 2.0
authentication issues. The issues covered include padding of usernames, and
password truncation if the authentication algorithm is HMAC-MD5-128. Those
hitting this issue may see "username invalid", "password
invalid", or "k_g invalid" errors. Issue observed on Intel
SE7520AF2 with Intel Server Management Module (Professional Edition).
supermicro20 - This workaround flag will work around several Supermicro
IPMI 2.0 authentication issues on motherboards w/ Peppercon IPMI firmware. The
issues covered include handling invalid length authentication codes. Those
hitting this issue may see "password invalid" errors. Issue observed
on Supermicro H8QME with SIMSO daughter card. Confirmed fixed on newerver
firmware.
sun20 - This workaround flag will work work around several Sun IPMI 2.0
authentication issues. The issues covered include invalid lengthed hash keys,
improperly hashed keys, and invalid cipher suite records. Those hitting this
issue may see "password invalid" or "bmc error" errors.
Issue observed on Sun Fire 4100/4200/4500 with ILOM. This workaround
automatically includes the "opensesspriv" workaround.
opensesspriv - This workaround flag will slightly alter FreeIPMI's IPMI
2.0 connection protocol to workaround an invalid hashing algorithm used by the
remote system. The privilege level sent during the Open Session stage of an
IPMI 2.0 connection is used for hashing keys instead of the privilege level
sent during the RAKP1 connection stage. Those hitting this issue may see
"password invalid", "k_g invalid", or "bad rmcpplus
status code" errors. Issue observed on Sun Fire 4100/4200/4500 with ILOM,
Inventec 5441/Dell Xanadu II, Supermicro X8DTH, Supermicro X8DTG, Intel
S5500WBV/Penguin Relion 700, Intel S2600JF/Appro 512X, and Quanta
QSSC-S4R//Appro GB812X-CN. This workaround is automatically triggered with the
"sun20" workaround.
integritycheckvalue - This workaround flag will work around an invalid
integrity check value during an IPMI 2.0 session establishment when using
Cipher Suite ID 0. The integrity check value should be 0 length, however the
remote motherboard responds with a non-empty field. Those hitting this issue
may see "k_g invalid" errors. Issue observed on Supermicro X8DTG,
Supermicro X8DTU, and Intel S5500WBV/Penguin Relion 700, and Intel
S2600JF/Appro 512X.
No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been found to
not support IPMI 1.5. Those hitting this issue may see "ipmi 2.0
unavailable" or "connection timeout" errors. This issue can be
worked around by using IPMI 2.0 instead of IPMI 1.5 by specifying
--driver-address=
LAN_2_0. Issue observed on HP Proliant DL 145.
KNOWN ISSUES¶
On older operating systems, if you input your username, password, and other
potentially security relevant information on the command line, this
information may be discovered by other users when using tools like the
ps(1) command or looking in the /proc file system. It is generally more
secure to input password information with options like the -P or -K options.
Configuring security relevant information in the FreeIPMI configuration file
would also be an appropriate way to hide this information.
In order to prevent brute force attacks, some BMCs will temporarily "lock
up" after a number of remote authentication errors. You may need to wait
awhile in order to this temporary "lock up" to pass before you may
authenticate again.
REPORTING BUGS¶
Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
COPYRIGHT¶
Copyright © 2008-2012 FreeIPMI Core Team
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 3 of the License, or (at your option) any later
version.
SEE ALSO¶
freeipmi(7),
bmc-config(8),
bmc-device(8),
ipmi-raw(8)
http://www.gnu.org/software/freeipmi/